APPLE has rolled out Background Security Improvements, a new mechanism that delivers lightweight security fixes between software updates, beginning with fresh WebKit patches and extending to other components such as Safari and system libraries. The feature is designed to provide protections between updates and is currently supported and enabled in iOS 26.1, iPadOS 26.1, and macOS 26.1, with future platform iterations expected to follow; Apple also warns it may be disabled if it causes compatibility problems.
The first protections target CVE-2026-20643, a cross-origin WebKit bug exploitable via malicious web content, addressing it with improved input validation as noted in the advisory. If a Background Security Improvement is removed, the device reverts to the baseline software update (for example, iOS 26.3) with no Background Security Improvements applied. The update was pushed out as iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a), and macOS 26.3.2 (a).